Environment
Novell Apache on NetWare
Novell Tomcat on NetWare 6.5
Novell NetWare 6.5
Novell Tomcat on NetWare 6.5
Novell NetWare 6.5
Situation
Due to security vulnerability
involving the Tomcat connector, mod_jk.nlm was updated from the
Tomcat website. After the upgrade, all pages that are served
through Tomcat are inaccessible and result with an Apache "Error
404- Page Not Found."
The file that was downloaded and installed is:
mod_jk-1.2.26-httpd-2.0.61-nw.zip
The file that was downloaded and installed is:
mod_jk-1.2.26-httpd-2.0.61-nw.zip
Resolution
Revert to the shipping version of mod_jk.nlm. If security is
a concern, edit the SYS:/tomcat/4/conf/server.xml file and locate
the AJP connector (search for port 9009 and 9010). In the tag (after "connector" but before the closing">" symbol), add a configuration setting for :
address="127.0.0.1"This should force that connector to only listen on the loop back address.
Additional Information
The NLM has also been known to cause Apache to fail loading the
AJP13 connectors, failing with an error regarding JkWorkersFile
already being set, and not setting twice.
The default Apache workers file specifies contacting the service on the loop back address. If this has changed, or if another server requires connecting to this servers instance of tomcat, do not make this change. It prevents anything on the network from connecting to the tomcat connector. An example of the connector tag would be :
The default Apache workers file specifies contacting the service on the loop back address. If this has changed, or if another server requires connecting to this servers instance of tomcat, do not make this change. It prevents anything on the network from connecting to the tomcat connector. An example of the connector tag would be :
< Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="9010" minProcessors="5" maxProcessors="250"
address="127.0.0.1"
enableLookups="true"
acceptCount="10" debug="0" connectionTimeout="0"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>